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(54) Method for controlling access to areas in communications network systems 



(57) Method for controlling access to areas in com- 
munications networks comprising the steps of: 

• dividing each network into access areas (AA) to 
whch terminals are connected; 

• opening an access session in at least one termir^l 

(T); 

• obtaining from said terminal (T), access area data 
(AAD) for the area in which the terminal (T) is con- 
nected; 



establishing a user context associated with said ac- 
cess session and based on said data, containing 
information on terminal identity and terminal type; 
checking the subscription of said terminal, using 
said user context for opening a service session or 
for participating in a prevbusly opened service ses- 
sion; and 

admitting or rejecting a request for opening a serv- 
ice session or for participating in a previously 
opened sen^ice session in saki terminal. 
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Description 

[0001] The present invention relates to a method for 
controlling access to areas in a* communications net- 
work system. 

[0002] More specifically, the invention is implemented 
in a Telecommunications Information Networking Archi- 
tecture, known as TINA, which is a distributed sofhware 
architecture for telecommunications defined by an inter- 
national consortium known as the TINA Consortium. 
[0003] A communications network according to the 
TINA architecture includes retailer donnains, consumer 
domains and connectivity provkJer donnains. The 
present invention proposes a method for checking and 
controlling the connectk)n of terminals to the network, 
controlled and managed by connectivity provklers, for 
receiving the services offered by retailer domains. 

BACKGROUND OF THE INVENTION 

[0004] Tl N A does not provide any method for check- 
ing whether the terminals are connected to the net- 
works, controlled and managed by the connectivity pro- 
viders, or whether they are suitable and accessible for 
the services that are being offered to them by the retail- 
er. 

[0005] Consequently, it can occur that when a user 
requests a servk:e from a retailer, said service cannot 
be provided either because the terminal is connected to 
a network which is not the appropriate one for sakl serv- 
ice, or because rt is connected to a network controlled 
and managed by a connectivity supplier that lacks direct 
or indirect interaction (through a federatkxi of connec- 
tivity providers) with the corresponding retailer domain 
in whfch the service was requested. This makes it nec- 
essary to carry out a series of interactions with the re- 
tailer that could be avoided if the necessary checking 
had been done beforehand. 

[0006] At present, in TINA, the retailer donr^n as- 
sumes that the terminals are connected to networks di- 
rectly or indirectly associated with the retailer through 
the corresponding connectivity providers and, conse- 
quently, the request for a directly associated connectiv- 
ity provider always takes place, even when the temninal 
is on an ir^accessible or unsuitable network, for which 
reason, at the end, the connection is not achieved de- 
spite having used unnecessarily the resources of the 
connectivity provkJer domain. 

[0007] As a result it is necessary to have available a 
method for checking the connection and the accessibil- 
ity and compatibility of the terminal for receiving the 
sendees provkied by the retailer. 

SUMMARY OF THE INVENTION 

[0008] To overcome the drawbacks mentioned atxive, 
the method object the present inventon, for control- 
ling access to areas in a communications network is pro- 



posed, according to which, networks can be divided into 
one or a plurality of areas in whch the terminals are con- 
nected. The terminals can be connected to one or to 
several access areas. 

5 [0009] The access areas are characterised by means 
of access area data that contain information relative to 
one or nrrare identifiers of the connectivity provider and 
of the network types provided by said connectivity pro- 
viders to which the terminal is connected. Said data 

10 must be held in the terminal. In a fixed temninal, the data 
mentioned are Inserted at terminal initialisatk>n. The ter- 
minal initialisation is a process that comprises the cre- 
ation of components necessary in the terminal by pro- 
vkjing the necessary terminal configuration values. 

IS [0010] In a mobile terminal, said data shall be includ- 
ed, either by the user or else automatically by the temni- 
nal, when the latter accesses to a new access area of 
the network. 

[0011] The method for controlling access to areas in 
20 a communicatbns system, according to the present in- 
ventktn is thus characterised in comprising the steps of: 

dividing each network into access areas (AA) to 
which terminals are connected, each access area 
25 (AA) being represented by data of the access area 
(AAD) to which each terminal (T) is connected; 
opening an access session in at least one terminal 
CT): 

obtaining from said terminal (T) said data of the ac- 
30 cess area (AAD) to which the terminal (T) is con- 
nected through a provider agent (PA) software com- 
ponent; 

supplying sakJ access area data (AAD) obtained to 
a user agent (U A) software component where a us- 

35 er context associated with said access session is 
established and whk:h contains information relative 
to terminal kJentity artd terminal type; 
checking the subscription of said terminal, using 
saki user context in a subscriptk>n management 

40 subsystem (SMS) for opening a service session or 
for partk:ipating in a prevbusly opened service ses- 
skxi; and 

admitting or rejecting a request for opening a serv- 
k:e sesskxi or for participating in a previously 
45 opened servk^e session in said terminal according 
to the result of the checking made in the preceding 
step. 

[0012] This and further embodiments of the inventk>n 
^ are described in more detail hereinbelow as well as in 
the claims. 

BRIEF DESCRIPTION OF THE DRAWINGS 

55 [001 3] Figure 1 corresponds to a representation of the 
inf ormatbn model related to the access area concept in 
a communbatkjns networic. 

[0014] Figure 2 is a schematic diagram showing the 
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software cximponents that intervene in the implementa- 
tion of the method of the invention. 

DESCRIPTION OF THE PREFERRED EMBODIMENT 

5 

[0015] The TINA cxjmmunlcation network system, 
over which is laid the TINA software architecture and 
where the method for controlling access to areas in a 
communications network as is proposed In the present 
inventbn is implemented, is formed by one or several io 
networks, each network being divkJed into retailer, con- 
sumer and connectivity provkJer domains. Furthermore, 
each network includes a set of switches, for example 
ATM switches, controlled through interfaces open to TI- 
NA connectkxi management components. 
[0016] These components, together with the remain- 
ing components fomning the TINA architecture, are 
placed in the Tl N A user term inals such as personal conrv 
puters or workstations, and on the nodes, which are nor- 
mally also workstatbns, that control the network switch- 20 
es. 

[001 7] The Tl NA components are lodged on a Distrib- 
uted Processing Environment (DPE), based on the 
known CORBA architecture (Common Object Request 
Broker Architecture), which permits said nodes and ter- 2s 
minals to have different software/hardware technok>- 
gies or manufacturers. These nodes and terminals hav- 
ing a DPE core are interconnected with each other form- 
ing what is called the transport network for the DPE 
cores or Kernel Transport Network (KTN). The connec- 30 
tions for streamed data, such as vkieo or audio signals, 
are controlled by means of the TINA connection man- 
agement components that operate on the switches that 
make up the transport network. The KTN network can 
be an independent network or it can be a network that 35 
makes use of connectkxts in the transport network. 
[0018] The type of connectk>n between DPE cores 
achieved by means of the Kernel Transport Network 
(KTN) must be always present in every terminal, for 
whk^h reason the access area data refer only to the "fo 
transport network that supports the connectivity re- 
quired for the services offered by the retailer or by the 
indirect services provider. 

[0019] Each retailer domain (1) incorporates, inter 
alia, the fdtowing scrftware components, of the TINA 45 
standard type: 

user agent (UA), which represents the end user or 
subscriber when partk:ipating in service sessions; 
and so 
subscription agent (SubA), whk:h has the task of 
controlling the subscriptkxis available for a user or 
a terminal. 

[0020] In turn, each consumer domain (2) incorpo- 55 
rates the following software components: 

provkier agent (PA), whk:h represents the provider 



of the services supported in the terminal; and 
sendee session user application (ssUAP), which as 
its name indicates, represents the user application 
and is located in the consumer domain. 

[0021] The representation of an information nrKxJel for 
the concept of access areas related to other TINA infor- 
nnation objects can be seen in figure 1 wherein a nota- 
tion in conformity with the Object Modelling Technique 
(OMT), normally employed in TINA, is employed. 
[0022] A terminal (T) can be connected to one or sev- 
eral networks of the same or different network technol- 
ogy, for example ATM (Asynchronous transfer Mode) 
or IP (Internet Protocol). These networks can be con- 
trolled by one or nrKjre connectivity providers (3). The 
concept of access areas represents an area of one or 
several networks to whrch the terminal is connected and 
also contains informatbn on the corresponding connec- 
tivity providers (3). The access area data (AAD) contain 
information on the networit type (NT) utilised, to whch 
the terminal has been connected, and the correspond- 
ing connectivity provider identifiers (CPI). Each network 
(N) is identified by a network identifier (NM), which con- 
tains the network type (NT). 

[0023] The access area concept is applicable to both 
fixed and mobile terminals. The fixed terminal establish- 
es the access area at terminal initialisatk>n, and the mo- 
bile terminal updates the access area In the terminal 
each time the terminal is registered in the network, in 
the retailer domain (1), in order to indicate that the ter- 
minal has been connected to the network. The mobile 
terminal, consequently, indicates the access area to 
which the terminal is connected. Saki access area is 
checked subsequently by a subscription management 
subsystem (SMS) in the following manner: 

When a nrK>bile terminal is registered in the network, 
that is, in a retailer donnain (1 ), the service profile 
(SP) of the terminal mobility contains a list of the 
data of access areas permitted or available for the 
mobile terminal. In this case, the terminal passes 
the access area data to the retailer domain (1) for 
checking in the subscription management subsys- 
tem (SMS), via a subscriptton agent, that the area 
in which the terminal is connected is an area per- 
mitted for terminal mobility. 
Each time a service session is established with a 
mobile temninal, the corresponding service profiles 
(SP) contain the access areas data list required for 
said service. In this case, the provider agent (PA) 
obtains the access area data by invoking an oper- 
ation relative to the terminal configuration in a soft- 
ware conrtponent termed terminal controller (TC), 
.which is incorporated in the terminal. The provkJer 
agent (PA) passes these data to the user agent (U A) 
for establishing the user context in an access ses- 
skn. The user context holds informatbn relative to 
terminal kJentity, terminal type and rTK>bility type. 



15 



20 



25 



3 



5 



EP 0 964 587 A2 



6 



among other Items of infomnation that may be of in- 
terest depending on the requirements of each ap- 
plication. 

[0024] The terminal controller (TC) is a software com- s 
ponent that is located in the consumer domain and con- 
tains information concerning the terminal configuration, 
which includes, among other items, temninal identity, ter- 
minal type, mobility type, network address and data of 
the access areas in which the fixed or mobile terminal io 
has been connected or registered. 
[0025] The terminal controller (TC) has certain func- 
tionalities that are common for both fixed and mcbWe ter- 
minals, including some specific functionality about mo- 
bility type. 

[0026] The main functionalities common to all types 
of terminal mobility are the functions related to the han- 
dling of the terminal configuration. 
[0027] The terminal configuration is obtained from the 
terminal controller (TC) by invoking the corresponding 20 
operation by the provider agent (PA). 
[0028] The data of the terminal configuratkxi, which 
are transferred in said operation, are: terminal kientity, 
terminal type, mobility type and access area data. 
[0029] The access area obtained is then passed from 
the provkJer agent (PA) to another software component 
termed user agent (UA) in a user context set up opera- 
tion performed In the latter. In the user agent (UA) It will 
be necessary to employ this access area when checking 
the service subscriptbn by interacting with the subscrip- 30 
tion management through the subscription agent 
(SubA). 

[0030] In figure 1 , the expression 1 + means an asso- 
ciatk)n or relation with one or more entities. Thus, rt can 
be seen that the access area (AA) can be associated 3S 
with one or several networks (N); a network can be as- 
sociated with one or several access areas; a terminal 
(T) can be connected to none, one or several access 
areas belonging to one or several networks (N) of one 
or several connectivity providers (3). 40 
[0031] When an access session is opened in a termi- 
nal, the provider agent (PA) obtains from the tenminal 
data of the access area (AAD) to whbh the terminal is 
connected and provides said data to the user agent (U A) 
while the latter sets up the user context associated with ^ 
said access session by employing the corresponding 
operatk>n. From this moment, the user agent (UA) 
knows the access area to whk:h the terminal is connect- 
ed in said access session. 

[0032] When the user requests the opening of a serv- so 
be session or is invited to partidpate in a service ses- 
sion through the corresponding user agent (UA), as is 
presently defined in TINA, the user agent (UA) on check- 
ing the subscriptk>n to saki service, transfers to sub- 
scription management, by means of the subscription ss 
agent (SubA), the data corresponding to the access ar- 
ea to whk:h the terminal is connected, for checking that 
it is a permitted or suitable area for the sen/be request- 



ed. 

[0033] The servrce profiles (SP) corresponding to the 
service templates (ST) of the services that a retailer (1 ) 
offers, supported with the subscription nr^agement, 
shall have to contain an access areas data list (AADL) 
necessary for said service, and if the data of the access 
areas to which the terminal is connected are not in com- 
pliance with the data contained in said list, the setting 
up of the servk:e sessbn or the participation in an al- 
ready established session shall be rejected, with indica- 
tion of the reason therefor. 

[0034] In the case of mobile terminals, when the ter- 
minal is registered in the network in the retailer domain 
(1 ), it transfers to the network the access area data 
(AAD) corresponding to the access area (AA) to whk;h 
the terminal is connected. Before accepting registration, 
the network shall have to check subscription to the ter- 
minal mobility service and whether the data of the ac- 
cess area to whk^h it is connected are permitted data. 
[0035] In this data subscriptkxi checking process in 
the subscriptbn management, through the subscriptbn 
agent (SubA), the access area data (AAD) are also 
transferred, and if these access area data are not in 
compliance with the data in the access areas data list 
(AADL) permitted for this service in the service profile 
(SP) for terminal mobility, then the terminal registration 
shall be rejected, with indication of the reason therefor. 
[0036] Finally it is to be noted that the method of the 
present inventbn is intended to be used as a computer 
program comprising computer program code means. 
Therefore the present invention also relates to said com- 
puter program as well as a computer readable medium 
having said program recorded thereon, and comprising 
sab computer program code means adapted to perform 
all the steps of the method of the inventbn when said 
program is run on a computer. 



Claims 

1 . Method for controlling access to areas In a commu- 
n batons system, said system comprising at least 
one communbations networit which comprises at 
least one retailer domain (1) whbh has interactbn 
with at least one connectivity provber domain (3), 
and a plurality of terminals (T) whbh are capable of 
opening access sessbns or sen/be sessbns. or 
participating in previously opened service sessbns, 
characterised in that it comprises the steps of: 

dividing each networic into access areas (AA) 
to which terminals are connected, each access 
area (AA) being represented by data of the ac- 
cess area (AAD) to which each terminal (T) is 
connected; 

opening an access sessbn in at least one ter- 
minal (T); 

obtaining from said terminal (T) said data of the 
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access area (AAD) to which the terminal (T) is 
connected through a provider agent (PA) soft- 
ware component; 

supplying said access area data (AAD) ob- 
tained to a user agent (UA) software compo- s 
nent where a user context associated with said 
access session is established and which con- 
tains Information relative to terminal Identity 
and terminal type; 

checking the subscription of said terminal, us- io 
ing said user context in a subscription manage- 
ment subsystem (SMS) for opening a service 
session or for participating in a previously 
opened service session; and 
admitting or rejecting a request for opening a is 
service session or for participating In a previ- 
ously opened sen/ice session in said terminal 
according to the result of the checking made In 
the preceding step. 

20 

2. A method, according to the preceding claim, char- 
acterised In that the access area data (AAD) contain 
information relative to connectivity provkler identifi- 
ers (CPI) and network types and Identifiers. 

2S 

3. A method, according to any of the preceding claims, 
characterised in that the provider agent (PA) ob- 
tains the access area data (AAD) from a terminal 
controller (TC) software component irKX>rporated in 
the terminal (T). 30 

4. A method, according to any of the preceding claims, 
characterised In that the checking of the service 
subscription Is done by means of a subscription 
agent (SubA) software component Incorporated In 3S 
the subscription management system. 



list (AADL) of permitted or available areas for the 
terminal nDobility service, thus admitting or rejecting 
terminal registration according to the result of said 
checking. 

8. A method, according to any of the preceding claims, 
characterised in that a terminal (T) Is connected to 
one or several access areas (AA) belonging to one 
or several networics (N) of one or several connec- 
tivity providers (3). 

9. A method, according to any of the preceding claims, 
characterised in that once the user context has 
been established, the user agent (UA) knows the 
access area (AA) in whk:h the terminal (T) is con- 
nected In said access session. 

1 0. A method, according to any of the preceding claims, 
characterised in that the service profiles (SP) cor- 
respond to sen^lce templates (ST) of the sen/rces 
provided by a retailer (1 ). 

11. Computer program comprising computer program 
code means adapted to perform all the steps of 
claim 1 when said program is run on a computer 

12. A computer readable medium having a program re- 
corded thereon, said computer readable medium 
comprising computer program code means adapt- 
ed to perform all the steps of claim 1 when said pro- 
gram Is run on a computer. 



5. A method, according to any of the preceding claims, 
characterised In that aflxed terminal establishes the 
access area in a process of terminal initiallsatkxt In ^ 
whch the required components are created in the 
terminal, and a mobile terminal updates the access 
area in the terminal each time the terminal Is regis- 
tered in the network, in the retailer domain (1), for 
the purpose of indicating tfiat the terminal has been 4S 
connected to the network. 



6. A method, according to claim 1 , characterised In 
that a servkie profile (SP) In the subscription man- 
agement contains an access areas data list (AADL) so 
of permitted or available areas for a given sen^ice 
whbh Is used for checking sut>scriptkxi to sakl serv- 
ice. 



7. A method, according to claim 6, characterised in ss 
that in the sen^tce profile (SP) for terminal nrK>blllty, 
It is checked as to whether the access area data 
(AAD) are in compliance with the access areas data 
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